Privacy is not a Smartphone Keepsake

We all understand that the smartphone is one of the most useful spying devices ever invented. It's innate ability to incorporate the capabilities of each and every app combined with the hardware capabilities of the device make today's smartphones the insider's perfect surveillance tool. Each smartphone collects and uses everything available to it for the proclaimed purpose of enhancing our personal life. This is something we desire, we are willing to part with money to have one, and our friends use theirs to trade their most intimate keepsakes and treasured moments with us with hopes for receiving our own memoirs.

Can the Smartphone Operating System be Weaponized?

It would be very simple to design any operating system to consolidate everything it has within it's reach into an information envelope. How that information would be used and who it belongs to is an ongoing passionate discussion at many levels. While these discussions ensue, one acknowledges that at it's most primal levels the purpose of business is to make a profit.

Is the Android Operating System Pro-Privacy?

Knowing that Android is a Google made operating system one must understand that Google is a business. The sale of the Android Smartphone is one profit vector. The sale of the Android operating system is another profit vector. The commission on the sale of Android Apps from the official Google Play store is yet another profit vector. The collection and handling of all things touched by those vectors yields a natural information profit vector. A company would be foolish to overlook the wealth attached to the information profit vector and could likely be litigated as management negligence by greedy shareholders. So even Apple would be hard pressed to not increase company margins from the information available to them. Regardless of company claims about privacy one must be cautious and play devil's advocate with such claims since we all are aware of the purpose of business and litigious nature of greedy shareholders.

How to Stay Private within Android

The most complete way to obtain Android privacy would be to turn it off, bit cleanse it, and discard it.

Since we're not about to go that far we must set our sights on the goal to turn off as many unused features that we can while still retaining the smartphone capabilities we need.

Begin by turning off whole features that aren't needed, such as:

Bluetooth presents many security vulnerabilities; turn off when not needed,
Location is a privacy nightmare; at least turn off for all but 911, and
Data Sharing can leak information; avoid using.

Simply by doing that, one has made their Android phone safer.

Secure Android with a PIN

Basic privacy can be achieved by securing the Android smartphone with a PIN (personal identification number). This locks the phone and protects it superficially from the prying eyes of those without the PIN.

Android smartphones allow one to use the old-fashioned PIN or password, fingerprint, or facial recognition as the lock for the phone. The PIN is the best in terms of data privacy. When using fingerprint or facial recognition one must agree to Google's collection and use of biometrics. Further, those biometrics are transmitted to Google.

Avoid Google Data Protection

Relying on Google to protect your information privacy is akin to paying the Credit Bureau who lost your data in their own data breach to protect your information privacy. It just doesn't make sense. Yet both Google and that Credit Bureau get away with doing just that for so many.

Fortunately, Android makes Google protection difficult but doable.

Go to settings>privacy>advanced to turn off "personalize using app data".

Go to settings>privacy>advanced>autofill service>activity controls from Google>activity controls to turn off data collection; one needs to do this for each and every gmail account that has been setup on the phone.

Encrypt your Android Smartphone

Encryption makes the information residing on the entire smartphone private since it garbles it beyond recognition to all but those with the keys to remove the encryption. When the phone is off the data remains garbled. When the phone is connected to another device (say by USB or Bluetooth) the data remains garbled; until someone provides the encryption key to remove the encryption.

In 2020, Android smartphones allow one to use the old-fashioned PIN or password, fingerprint, or facial recognition as the encryption key. The best key in terms of data privacy is the PIN. When using biometrics one must agree to Google's collection and use of biometrics. Further, those biometrics are transmitted to Google.

Go to settings>security>advanced>encryption & credentials to turn on encryption. This will take some time so make sure to have the phone connected to power.

Note: encryption isn't hardly noticed when using the phone, since during use, only the data that is being accessed in the moment will have it's encryption removed and replaced. The author's encrypted Android 2 responds way faster than his previous bloatware enhanced non-encrypted Samsung Edge ever did.

Keep Android and Apps Updated

Smartphone vulnerabilities are exploited with lightening speed. The rule of thumb for the security conscious is keep one's phone fully updated.

Go to settings>system>advanced>system update to check for the latest Android O.S. update.

Use Caution Installing Apps from Unknown Sources

Initially, Android is set to download apps from approved sources. There's a security reason for leaving this setting alone. Yet, on occasion Android may ask one to enable app downloads from unknown sources. Read all notifications and be sure of what you are agreeing to because unknown sources are often sources of malware and flawed software putting one's smartphone at risk. The setting exists for thoughtful use and should be turned off as soon as possible after use; the popular credit card Square software needed to be installed this way, at the time of writing this article.

Go to settings>security>google play protect> to turn it off; afterwards one can install from unknown sources.

Is My Privacy Safe in the Cloud

Many apps and accounts today are asking permission to sync your information with the cloud. Sometimes we want to do this for the convenience, but is this a good idea?

It really all comes down to who one trusts to hold their personal information.

Google, for example, breaks your information into tiny pieces and spreads those pieces globally; their intent is that a breach in one geographic location could never disclose the whole of that information since the breach could only retrieve data from the one physical location of the breach. Yet, Google is said to sift through the information they store for the purpose of target marketing. Further, Google is known for their willingness to cooperate with authorities by readily turning information over to authorities.

In total privacy contrast is ProtonMail who encrypts all data. First, they suggest the use of a VPN (virtual private network) to encrypt and protect the transmission of the information to and from their facility; they even provide a free VPN if you don't have one. Then the data encryption keys are never provided to ProtonMail which means that they cannot view the data held by them. Further, the entire storage (data warehouse) is held deep inside a mountain in a country with some of the strongest privacy laws in the world. Not only is it protected physically and visually but it is protected by laws which are well known for blocking all requests from authorities of any nation.

Go to settings>accounts to adjust cloud syncing of your information.

Does VPN Protect My Privacy?

VPN (virtual private network) can be viewed like a soda straw. Like a soda straw keeps all of the fluid from one end to the other end of the straw contained within the confines of the soda straw, a VPN keeps all of the data contained from point A to point B. Today's VPN also encrypts the data that flows within. The impact this has is to protect your information from prying eyes as it is moved from one location to another; even if the pathway gets breached all of any escaping data is encrypted. Any man-in-the-middle attack would need to break the encryption in order to make sense of any tidbits of information stolen during the breach.

When getting a VPN be cautious of the provider. My suggestion is to avoid USA or EU based vendors because they may be required to share their data with others.

For those seeking a free VPN the author suggests the one from ProtonMail, a Switzerland vendor.

The author uses a paid-for VPN from Bitdefender, a Russian vendor. Bitdefender also protects his Android smartphone with their Total Security software. The author has used their free and paid versions of their security products on numerous computer systems for many years.

Kaspersky, a Russian vendor, is touted by and used by many information technology professionals as an anti-virus tool. The author has used Kaspersky with success for specific computer cleaning. Kaspersky has moved it's data processing to Switzerland; recall that one of the reasons that ProtonMail, a Switzerland vendor, operates in Switzerland is because of that country's strong privacy laws. Kaspersky also offers a VPN; the author has not evaluated Kaspersky's VPN.

What is the Best Pro-privacy Email for Android?

Make sure you are using a secure email provider who doesn't read your emails. In case you've never heard this before, one should know that everything on Gmail is read by Google; of course to help you, right? Just know that there are plenty of secure and private email providers.

One that stands out from the crowd on privacy is ProtonMail. What makes this one stand apart from the rest is that they have their data center deep inside a mountain, yes literally in a mountain, transmission of email to and from ProtonMail is fully encrypted (garbled if you like), emails stored on their systems is encrypted, and only the email account owner has the encryption keys. Yes, it's true if one ever forgets their encryption keys nobody can recover those emails, not even ProtonMail. One last comment, ProtonMail is located in Switzerland where robust strict privacy laws exist; the reality is that authorities across the globe have no ability to force ProtonMail to provide your emails. Recall, even if they were forced to provide your emails, you are the only one with the keys to remove the encryption so that the emails are readable.

Android Privacy Summary

On it's surface and by design, the Android operating system was made by Google who by default has access to see and record everything that the phone is capable of. Mechanisms for Privacy Loss include motion sensors, GPS location, Cellular Tower location, camera, microphone, biometrics, contact lists, emails, texts accounts, notes, and anything else one would, even momentarily, place on the phone.

If you've read this far and performed even one of the activities mentioned, congratulations, you're on the good path to take control and secure your privacy. There is much more that can be done down the privacy road for one's smartphone, tablet, laptop, and desktop devices; the author will cover those in an upcoming article.

About the Author

Steve Meyer, a data mining industry insider, is a privacy and security evangelist who has spoken before world thought leaders in Washington D.C. presenting time proven strategies to restore one's privacy. Combining his decades of information technology skills with data mining experience Steve's audiences take an emotional roller coaster ride receiving behind the veil insights into the underworld of PII (personal identifiable information) trading!

Steve Meyer is a co-founder of and spokesperson for the Constitutional Alliance, an alliance of groups and individuals who support the Mission Statement.